<?php
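// Prepared statements: insert two rows into the `bbv` table through a single
// PDO prepared statement with named, bound parameters.
header("Content-type:text/html;charset=utf8");

// NOTE(review): the connection settings are hard-coded and use the MySQL
// `root` account with a trivial password. That is tolerable only for a local
// demo; a deployed script should use a dedicated account limited to the
// privileges it needs (here: INSERT on one table) and load its credentials
// from configuration kept outside the web root and outside version control.
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "bbv";

// Defined up front so the cleanup at the bottom never touches an unset variable.
$conn = null;

try {
    $conn = new PDO(
        "mysql:host=$servername;dbname=$dbname",
        $username,
        $password,
        [
            // Raise PDOException on every database error instead of failing silently.
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Ask the driver for server-side prepares, so the values are sent
            // separately from the SQL text instead of being interpolated client-side.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );

    // Prepare the SQL once. The statement text contains only placeholders,
    // so bound values cannot change its structure.
    $stmt = $conn->prepare("insert into bbv(firstname,lastname,email)
    values(:firstname,:lastname,:email)");

    // bindParam() binds by reference: the variables are read when execute()
    // runs, which is why they can be (re)assigned after binding.
    $firstname = null;
    $lastname = null;
    $email = null;
    $stmt->bindParam(':firstname', $firstname);
    $stmt->bindParam(':lastname', $lastname);
    $stmt->bindParam(':email', $email);

    // Rows to insert, in order.
    $rows = [
        ["mary", "Moe", "zlz@email.com"],
        ["z", "bsa", "kka@email.com"],
    ];

    foreach ($rows as [$firstname, $lastname, $email]) {
        $stmt->execute();
    }

    echo "插入用预处理的数据成功";
} catch (PDOException $e) {
    // The original echoed an undefined $sql plus the raw exception message.
    // Driver messages can reveal host, schema and account details, so keep
    // them in the server log and show the client a generic failure only.
    error_log("PDO insert failed: " . $e->getMessage());
    http_response_code(500);
    echo "数据库操作失败";
}

// Drop the reference so PDO closes the connection.
$conn = null;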